diff options
author | Jason Zaman <jason@perfinion.com> | 2017-09-10 20:56:26 +0800 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-09-17 11:25:22 +0800 |
commit | 7cbbfd7a20f904db1c3b0611022f211b3d51aaff (patch) | |
tree | f9ac55b9d7637989f0c780e82a3c59ce26726c77 | |
parent | dphysswapfile: Module version bump. (diff) | |
download | hardened-refpolicy-7cbbfd7a20f904db1c3b0611022f211b3d51aaff.tar.gz hardened-refpolicy-7cbbfd7a20f904db1c3b0611022f211b3d51aaff.tar.bz2 hardened-refpolicy-7cbbfd7a20f904db1c3b0611022f211b3d51aaff.zip |
pulseaudio: Add neccessary map permissions
-rw-r--r-- | policy/modules/contrib/pulseaudio.if | 2 | ||||
-rw-r--r-- | policy/modules/contrib/pulseaudio.te | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/policy/modules/contrib/pulseaudio.if b/policy/modules/contrib/pulseaudio.if index 921e519c..3073fd4a 100644 --- a/policy/modules/contrib/pulseaudio.if +++ b/policy/modules/contrib/pulseaudio.if @@ -33,7 +33,7 @@ interface(`pulseaudio_role',` allow $2 pulseaudio_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms }; allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:dir { manage_dir_perms relabel_dir_perms }; - allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { manage_file_perms relabel_file_perms }; + allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { manage_file_perms relabel_file_perms map }; allow $2 pulseaudio_tmp_t:dir { manage_dir_perms relabel_dir_perms }; allow $2 pulseaudio_tmp_t:file { manage_file_perms relabel_file_perms }; diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te index b4154208..4dcc776f 100644 --- a/policy/modules/contrib/pulseaudio.te +++ b/policy/modules/contrib/pulseaudio.te @@ -54,7 +54,7 @@ allow pulseaudio_t self:tcp_socket { accept listen }; allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms; allow pulseaudio_t pulseaudio_home_t:dir manage_dir_perms; -allow pulseaudio_t pulseaudio_home_t:file manage_file_perms; +allow pulseaudio_t pulseaudio_home_t:file { manage_file_perms map }; allow pulseaudio_t pulseaudio_home_t:lnk_file manage_lnk_file_perms; userdom_user_home_dir_filetrans(pulseaudio_t, pulseaudio_home_t, dir, ".pulse") @@ -73,6 +73,7 @@ userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "native") manage_dirs_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t) manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }) +allow pulseaudio_t { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file map; fs_tmpfs_filetrans(pulseaudio_t, pulseaudio_tmpfs_t, { dir file }) manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t) @@ -138,6 +139,7 @@ logging_send_syslog_msg(pulseaudio_t) miscfiles_read_localization(pulseaudio_t) userdom_read_user_tmpfs_files(pulseaudio_t) +userdom_map_user_tmpfs_files(pulseaudio_t) userdom_delete_user_tmpfs_files(pulseaudio_t) userdom_search_user_home_dirs(pulseaudio_t) userdom_search_user_home_content(pulseaudio_t) @@ -238,6 +240,7 @@ allow pulseaudio_client pulseaudio_tmp_t:file manage_file_perms; allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms; rw_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }) +allow pulseaudio_client pulseaudio_tmpfs_t:file map; delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile) fs_getattr_tmpfs(pulseaudio_client) |